Bug #2379
closed
/etc/logrotate.d/rudder has some errors and empties or removes /etc/init.d/apache2 on SLES server
Added by Nicolas PERRON over 12 years ago.
Updated over 9 years ago.
Description
Using auditd to monitor /etc/init.d/apache2:
# auditctl -w /etc/init.d/apache2 -p war -k apache-initd
# auditctl -e 1
After trying to use rudder logrotate
# logrotate -f /etc/logrotate.d/rudder
error: /etc/logrotate.d/rudder:8 unknown group 'adm'
error: found error in /var/log/rudder/apache2/*.log , skipping
error: /etc/logrotate.d/rudder:11 lines must begin with a keyword or a filename (possibly in double quotes)
error: /etc/logrotate.d/rudder:12 unknown option 'if' -- ignoring line
error: /etc/logrotate.d/rudder:12 unexpected text
error: /etc/logrotate.d/rudder:13 unknown option 'invoke' -- ignoring line
error: /etc/logrotate.d/rudder:13 unexpected text
error: /etc/logrotate.d/rudder:14 unknown option 'else' -- ignoring line
error: /etc/logrotate.d/rudder:15 duplicate log entry for fi
error: found error in /etc/init.d/apache2 reload > /dev/null
fi
fi
endscript
}
What we notice is that logrotate modified /etc/init.d/apache2
# ausearch -f /etc/init.d/apache2 > /tmp/apacheEmptied.log
# ls -lh /etc/init.d/apache*
-rwxr--r-- 1 root root 11K mars 7 18:04 /etc/init.d/apache2-20120311
-rwxr--r-- 1 root root 11K mai 5 2010 /etc/init.d/apache2-20120318
# tail /tmp/apacheEmptied.log
type=CWD msg=audit(1332151344.068:25157): cwd="/root"
type=SYSCALL msg=audit(1332151344.068:25157): arch=c000003e syscall=2 success=yes exit=3 a0=7e0000 a1=0 a2=0 a3=1 items=1 ppid=14733 pid=15889 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=3695 comm="vim" exe="/bin/vim-normal" key="apache-initd"
----
time->Mon Mar 19 11:02:55 2012
type=PATH msg=audit(1332151375.520:25159): item=3 name="/etc/init.d/apache2.1" inode=708635 dev=08:02 mode=0100744 ouid=0 ogid=0 rdev=00:00
type=PATH msg=audit(1332151375.520:25159): item=2 name="/etc/init.d/apache2" inode=708635 dev=08:02 mode=0100744 ouid=0 ogid=0 rdev=00:00
type=PATH msg=audit(1332151375.520:25159): item=1 name="/etc/init.d/" inode=114037 dev=08:02 mode=040755 ouid=0 ogid=0 rdev=00:00
type=PATH msg=audit(1332151375.520:25159): item=0 name="/etc/init.d/" inode=114037 dev=08:02 mode=040755 ouid=0 ogid=0 rdev=00:00
type=CWD msg=audit(1332151375.520:25159): cwd="/root"
type=SYSCALL msg=audit(1332151375.520:25159): arch=c000003e syscall=82 success=no exit=-131940659355688 a0=614770 a1=61f330 a2=0 a3=0 items=4 ppid=14733 pid=15893 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=3695 comm="logrotate" exe="/usr/sbin/logrotate" key="apache-initd"
Using logrotate in debug mode (like a dry-run):
# logrotate -df /etc/logrotate.d/rudder
reading config file /etc/logrotate.d/rudder
reading config info for /var/log/rudder/apache2/*.log
error: /etc/logrotate.d/rudder:8 unknown group 'adm'
error: found error in /var/log/rudder/apache2/*.log , skipping
removing last 1 log configs
error: /etc/logrotate.d/rudder:11 lines must begin with a keyword or a filename (possibly in double quotes)
error: /etc/logrotate.d/rudder:12 unknown option 'if' -- ignoring line
error: /etc/logrotate.d/rudder:12 unexpected text
error: /etc/logrotate.d/rudder:13 unknown option 'invoke' -- ignoring line
error: /etc/logrotate.d/rudder:13 unexpected text
error: /etc/logrotate.d/rudder:14 unknown option 'else' -- ignoring line
error: /etc/logrotate.d/rudder:15 duplicate log entry for fi
error: found error in /etc/init.d/apache2 reload > /dev/null
fi
fi
endscript
}
/var/log/rudder/ldap/slapd.log , skipping
removing last 1 log configs
reading config info for /var/log/rudder/reports/*.log
error: /etc/logrotate.d/rudder:32 unknown group 'adm'
error: found error in /var/log/rudder/reports/*.log , skipping
removing last 1 log configs
Handling 3 logs
rotating pattern: /var/log/rudder/apache2/*.log forced from command line (30 rotations)
empty log files are not rotated, old logs are removed
considering log /var/log/rudder/apache2/access.log
log does not need rotating
considering log /var/log/rudder/apache2/error.log
log does not need rotating
rotating pattern: /etc/init.d/apache2 reload > /dev/null
fi
fi
endscript
}
/var/log/rudder/ldap/slapd.log forced from command line (no old logs will be kept)
empty log files are rotated, old logs are removed
considering log /etc/init.d/apache2
log needs rotating
considering log reload
error: stat of reload failed: Aucun fichier ou dossier de ce type
considering log >
error: stat of > failed: Aucun fichier ou dossier de ce type
considering log /dev/null
log needs rotating
considering log fi
error: stat of fi failed: Aucun fichier ou dossier de ce type
rotating log /etc/init.d/apache2, log->rotateCount is 0
dateext suffix '-20120319'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
renaming /etc/init.d/apache2.1 to /etc/init.d/apache2.2 (rotatecount 1, logstart 1, i 1),
renaming /etc/init.d/apache2.0 to /etc/init.d/apache2.1 (rotatecount 1, logstart 1, i 0),
renaming /etc/init.d/apache2 to /etc/init.d/apache2.1
disposeName will be /etc/init.d/apache2.1
removing old log /etc/init.d/apache2.1
rotating log /dev/null, log->rotateCount is 0
dateext suffix '-20120319'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
renaming /dev/null.1 to /dev/null.2 (rotatecount 1, logstart 1, i 1),
renaming /dev/null.0 to /dev/null.1 (rotatecount 1, logstart 1, i 0),
renaming /dev/null to /dev/null.1
disposeName will be /dev/null.1
removing old log /dev/null.1
rotating pattern: /var/log/rudder/reports/*.log forced from command line (30 rotations)
empty log files are not rotated, old logs are removed
considering log /var/log/rudder/reports/extWinReport.log
log does not need rotating
considering log /var/log/rudder/reports/winlog.log
log does not need rotating
- Status changed from New to In progress
- Status changed from In progress to Pending technical review
- % Done changed from 0 to 100
- Status changed from Pending technical review to Released
- Project changed from Rudder to 34
- Category deleted (
11)
- Project changed from 34 to Rudder
- Category set to Packaging
Also available in: Atom
PDF
Updated by Nicolas PERRON 
Updated by Jonathan CLARKE 
Updated by